VariantIncomplete

CWE-67Improper Handling of Windows Device Names

Category: other

Description

The product constructs pathnames from user input, but it does not handle or incorrectly handles a pathname containing a Windows device name such as AUX or CON. This typically leads to denial of service or an information exposure when the application attempts to process the pathname as a regular file. Not properly handling virtual filenames (e.g. AUX, CON, PRN, COM1, LPT1) can result in different types of vulnerabilities. In some cases an attacker can request a device via injection of a virtual filename in a URL, which may cause an error that leads to a denial of service or an error page that reveals sensitive information. A product that allows device names to bypass filtering runs the risk of an attacker injecting malicious code in a file with the name of a device.

Common consequences· 1

  • Availability / Confidentiality / Other — DoS: Crash, Exit, or Restart, Read Application Data, Other

Potential mitigations· 1

  • [Implementation]Be familiar with the device names in the operating system where your system is deployed. Check input for these device names.

References

  1. https://cwe.mitre.org/data/definitions/67.html

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Improper Restriction of Names for Files and Other Resources
CWE
Path Traversal: 'C:dirname'
CWE
Insecure Operation on Windows Junction / Mount Point
CWE
Path Traversal: '\\UNC\share\name\' (Windows UNC Share)
CWE
Path Traversal: '\absolute\pathname\here'
CWE
Path Equivalence: 'file name' (Internal Whitespace)
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.